<?PHP
// vim: set expandtab tabstop=4 shiftwidth=4:
// +----------------------------------------------------------------------+
// | SAPID: XML Sapiens Engine Demonstrator                               |
// +----------------------------------------------------------------------+
// | Author:  Max Baryshnikov aka Mephius <mb@rg.by>	                  |
// | Copyright (c) 2004 Max Baryshnikov                                   |
// | http://sapid.sourceforge.net	                                      |
// +----------------------------------------------------------------------+
// | This source file is free software; you can redistribute it and/or    |
// | modify it under the terms of the GNU Lesser General Public           |
// | License as published by the Free Software Foundation; either         |
// | version 2.1 of the License, or (at your option) any later version.   |
// |                                                                      |
// | This source file is distributed in the hope that it will be useful,  |
// | but WITHOUT ANY WARRANTY; without even the implied warranty of       |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU    |
// | Lesser General Public License for more details.                      |
// +----------------------------------------------------------------------+
// Release: 28.11.04 (dd/mm/yy)
// $Id: templates.inc.php,v 1.6 2006/05/17 17:35:31 toxin76 Exp $

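if (!defined("SAPID_STARTED")) die("Hacking attempt!");

// Template manager for members of the "wheel" group. Dispatches on
// $_GET["option"]:
//   templates       - store uploaded files, then build the file listings in $panel
//   edit_template   - save ($_POST) or show the editor for a file in usr/templates/
//   create_template - save a new usr/templates/<name>.tpl or show an empty editor
//   delete_template - unlink the file named by a base64-encoded $_GET["name"]
//
// Every file name that reaches the filesystem comes from the request
// ($_FILES[..]["name"], $_POST["name"], $_GET["name"]). Each one is reduced to
// a single path component before use, and names that are written to are also
// checked against a list of script extensions. That list is a backstop only:
// the web server should additionally be configured not to execute scripts
// anywhere under usr/templates/.
//
// NOTE(review): no anti-CSRF token is visible in this file, and
// delete_template is a state-changing GET link; confirm whether the
// surrounding framework verifies request origin for these actions.

// The cases below call option_switch() after resetting $_GET["option"]. If
// that re-includes this file (not visible here), unguarded definitions would
// be a fatal redeclaration, hence the function_exists() guard.
if (!function_exists("sapid_tpl_h")) {

	/**
	 * Escape a value for HTML text or a quoted attribute.
	 *
	 * Works byte-wise on the five markup characters so that names stored in a
	 * legacy single-byte charset are escaped rather than dropped.
	 */
	function sapid_tpl_h($text)
	{
		return str_replace(
			array("&", "<", ">", "\"", "'"),
			array("&amp;", "&lt;", "&gt;", "&quot;", "&#039;"),
			(string)$text
		);
	}

	/**
	 * Reduce a request-supplied name to one path component.
	 *
	 * Returns "" for non-strings, names containing a NUL byte, and names that
	 * reduce to nothing, "." or "..". Backslashes are treated as separators so
	 * Windows-style traversal is stripped as well.
	 */
	function sapid_tpl_leaf($name)
	{
		if (!is_string($name) || strpos($name, "\0") !== false) return "";
		$leaf = basename(str_replace("\\", "/", $name));
		if ($leaf === "" || $leaf === "." || $leaf === "..") return "";
		return $leaf;
	}

	/**
	 * Validate a name that is about to be created or overwritten.
	 *
	 * On top of sapid_tpl_leaf() this rejects dotfiles (e.g. .htaccess),
	 * control characters, a trailing dot or space, and any script extension
	 * anywhere in the name ("x.php.tpl" included, because some server
	 * configurations honour inner extensions). Returns the leaf name or "".
	 */
	function sapid_tpl_writable_name($name)
	{
		$leaf = sapid_tpl_leaf($name);
		if ($leaf === "" || $leaf[0] == ".") return "";
		if (preg_match('/[\x00-\x1f]/', $leaf) || preg_match('/[. ]$/D', $leaf)) return "";
		if (preg_match('/\.(php[0-9]*|phtml|pht|phar|phps|cgi|pl|py|sh|asp|aspx|jsp|shtml)(\.|$)/iD', $leaf)) return "";
		return $leaf;
	}

	/**
	 * True when $_FILES[$field] is a single, successfully received upload.
	 */
	function sapid_tpl_upload_ok($field)
	{
		return isset($_FILES[$field]["error"], $_FILES[$field]["name"], $_FILES[$field]["type"], $_FILES[$field]["tmp_name"])
			&& is_string($_FILES[$field]["name"])
			&& is_string($_FILES[$field]["tmp_name"])
			&& $_FILES[$field]["error"] == 0;
	}

	/**
	 * Move the upload in $_FILES[$field] to $dir.$name.
	 *
	 * $name must already have passed sapid_tpl_writable_name(); "" is refused.
	 * If the target exists, "_" plus the last digits of time() is inserted
	 * before the final extension (or appended when there is none) so the
	 * existing file is kept. Failures stay silent, as before.
	 */
	function sapid_tpl_store_upload($field, $dir, $name)
	{
		if ($name === "" || !isset($_FILES[$field]["tmp_name"])) return false;
		if (is_file($dir . $name)) {
			$suffix = "_" . substr(time(), 7);
			$dot = strrpos($name, ".");
			$name = ($dot === false)
				? $name . $suffix
				: substr($name, 0, $dot) . $suffix . substr($name, $dot);
		}
		return @move_uploaded_file($_FILES[$field]["tmp_name"], $dir . $name);
	}

	/**
	 * Build the edit/delete icon links that start each listing row.
	 *
	 * $delete_name is the path relative to usr/templates/ that the delete
	 * link carries (base64, then URL-encoded so "+" and "/" survive the query
	 * string). $edit_name is the file to edit, or "" for rows without an
	 * edit link.
	 */
	function sapid_tpl_action_links($base, $lang, $delete_name, $edit_name)
	{
		$links = "";
		if ($edit_name !== "") {
			$links .= "<a href=\"".$base."?option=edit_template&name=".rawurlencode($edit_name)."\"><img src=\"".$base."usr/system/images/edit.gif\" alt=\"".$lang["Edit"]."\" width=\"12\" hight=\"14\" border=\"0\" /></a>&nbsp;";
		}
		$links .= "<a href=\"".$base."?option=delete_template&name=".urlencode(base64_encode($delete_name))."\" onClick=\"return confirm('".$lang["confirm_delete"]."')\"><img src=\"".$base."usr/system/images/delete.gif\" alt=\"".$lang["Delete"]."\" width=\"12\" hight=\"14\" border=\"0\" /></a>&nbsp;";
		return $links;
	}
}

if($env["user"]["GROUP"]=="wheel")
switch ($_GET["option"]){
	case "templates":
	// Uploads write to disk, so they honour $DEMO_MODE like the edit, create
	// and delete cases below.
	if($_FILES and $DEMO_MODE!="enabled"){
		// $_FILES[..]["type"] is supplied by the client. The "text" checks are
		// kept as a convenience filter only; the name validation is what
		// decides whether a file may be stored.
		if(sapid_tpl_upload_ok("tpl") && strstr($_FILES["tpl"]["type"], "text")){
			$tpl_name = sapid_tpl_leaf($_FILES["tpl"]["name"]);
			// Templates always end in .tpl: swap the last extension for it
			// (or append it) instead of accepting ".tpl" anywhere in the name.
			if($tpl_name !== "" && !preg_match('/\.tpl$/iD', $tpl_name)){
				$tpl_name = preg_replace('/\.[^.]*$/D', "", $tpl_name) . ".tpl";
			}
			sapid_tpl_store_upload("tpl", ROOT_PATH."usr/templates/", sapid_tpl_writable_name($tpl_name));
		}
		if(sapid_tpl_upload_ok("otpl") && strstr($_FILES["otpl"]["type"], "text")){
			sapid_tpl_store_upload("otpl", ROOT_PATH."usr/templates/", sapid_tpl_writable_name($_FILES["otpl"]["name"]));
		}
		if(sapid_tpl_upload_ok("image") && preg_match("/\.[jpgifnsw]{3,4}$/is", $_FILES["image"]["name"])){
			sapid_tpl_store_upload("image", ROOT_PATH."usr/templates/images/", sapid_tpl_writable_name($_FILES["image"]["name"]));
		}
		if(sapid_tpl_upload_ok("file")){
			sapid_tpl_store_upload("file", ROOT_PATH."usr/templates/files/", sapid_tpl_writable_name($_FILES["file"]["name"]));
		}
	}

	// In the listings below, file names read from disk are escaped for the
	// HTML text and URL-encoded inside links before they are emitted.

	// --- Templates (*.tpl in usr/templates/) ---
	$d = dir(ROOT_PATH . "usr/templates/");
	$panel="
			<script src=\"{$http_path}usr/system/lightbox/lightbox.js\" type=\"text/javascript\" language=\"javascript\"></script>
			<link rel=\"stylesheet\" type=\"text/css\" href=\"{$http_path}usr/system/lightbox/lightbox.css\">
			<script type=\"text/javascript\" language=\"javascript\">
				var loadingImage = '{$http_path}usr/system/lightbox/loading.gif';
				var closeButton = '{$http_path}usr/system/lightbox/close.gif';	
			</script>
			<div style=\"padding-left: 20px; padding-bottom: 10px;\">
			".$lang["TemplatesInterfaceDewscription"]."
			<div style=\"padding: 10px 0px 5px 0px;\"><input class=\"sapidcms_cont_btn\" type=\"button\" onclick=\"location.href='".$env["http_path"]."?option=create_template';\" value=\"".$lang["CreateNewTemplate"]."\" /><br /><br />".$lang["Templates"]."</div>
			</div><form method=\"post\" action=\"".$env["http_path"]."?option=templates\" enctype=\"multipart/form-data\" style=\"margin: 0px 0px 0px 0px;\"><table class=\"tpanel\" cellpadding=0 cellspacing=0><tr><td class=\"header\" width=\"60%\"><b>".$lang["Template_select"]."</b></td><td class=\"header\" width=\"50\"><b>".$lang["Size"]."<b></td><td class=\"header\" width=\"150\"><b>".$lang["FileMTime"]."<b></td><td class=\"header\"><b>".$lang["Preview"]."<b></td></tr>";
	$total=0;
	if ($d) {
		while (false !== ($entry = $d->read())) {
			if ($entry!="." and $entry!=".." and preg_match("/\.tpl$/s", $entry) ) {
				$tpl_path = ROOT_PATH . "usr/templates/" . $entry;
				$tpl_bytes = filesize($tpl_path);
				$tpl_kb = round($tpl_bytes/1024, 1);
				$panel.="<tr><td>".sapid_tpl_action_links($env["http_path"], $lang, $entry, $entry) . sapid_tpl_h($entry) . "</td><td>".($tpl_kb>=1?$tpl_kb."K":$tpl_bytes."B")."</td><td>".date($lang["DateFormat"], filemtime($tpl_path))."</td><td><a href=\"".$env["http_path"]."usr/system/preview.php?name=".rawurlencode($entry)."\" target=\"_blank\">".$lang["Preview"]."</a></td></tr>\n";
				$total+=$tpl_bytes;
			}
		}
		$d->close();
	}
	$panel='<div style="margin-top: 3px;" class="panel">' . $panel . '
	<tr><td colspan="4"><input type="file" name="tpl"/>&nbsp;<input type="submit" value="'.$lang["Upload new"].'" style="height: 22px;"></td></tr>
	<tr><td class="header"><b>'.$lang["Total"].'</b></td><td class="header" colspan="3"><b>'.round($total/1024, 1).' KB</b></td></tr>
	</table><br /></div>';


	// --- Other files (everything else directly in usr/templates/) ---
	$d = @dir(ROOT_PATH . "usr/templates/");
	$other ="<div style=\"margin-top: 3px;\" class=\"panel\"><div style=\"padding-left: 20px; padding-bottom: 10px;\">
			".$lang["OtherFiles"]."
			</div><form method=\"post\" style=\"margin: 0px 0px 0px 0px;\"><table class=\"tpanel\" cellpadding=0 cellspacing=0><tr><td class=\"header\" width=\"60%\"><b>".$lang["File"]."</b></td><td class=\"header\" width=\"50\"><b>".$lang["Size"]."<b></td><td class=\"header\"><b>".$lang["FileMTime"]."<b></td></tr>";
	$total=0;
	if ($d) {
		while (false !== ($entry = $d->read())) {
			if ($entry!="." and $entry!=".." and !preg_match("/\.tpl$/s", $entry) and !is_dir(ROOT_PATH . "usr/templates/" . $entry) ) {
				$tpl_path = ROOT_PATH . "usr/templates/" . $entry;
				$tpl_bytes = filesize($tpl_path);
				$tpl_kb = round($tpl_bytes/1024, 1);
				$other.="<tr><td>".sapid_tpl_action_links($env["http_path"], $lang, $entry, $entry) . sapid_tpl_h($entry) . "</td><td>".($tpl_kb>=1?$tpl_kb."K":$tpl_bytes."B")."</td><td>".date($lang["DateFormat"], filemtime($tpl_path))."</td></tr>\n";
				$total+=$tpl_bytes;
			}
		}
		$d->close();
	}
	$panel .=$other . '
	<tr><td colspan="3"><input type="file" name="otpl"/>&nbsp;<input type="submit" value="'.$lang["Upload new"].'" style="height: 22px;"></td></tr>
	<tr><td class="header"><b>'.$lang["Total"].'</b></td><td class="header" colspan="2"><b>'.round($total/1024, 1).' KB</b></td></tr>
	</table><br /></div>';



	// --- Images (usr/templates/images/) ---
	$d = dir(ROOT_PATH . "usr/templates/images/");
	$images="<div style=\"margin-top: 3px;\" class=\"panel\"><div style=\"padding-left: 20px; padding-bottom: 10px;\">
			".$lang["Images"]."
			</div><form method=\"post\" style=\"margin: 0px 0px 0px 0px;\"><table class=\"tpanel\" cellpadding=0 cellspacing=0><tr><td class=\"header\" width=\"60%\"><b>".$lang["File"]."</b></td><td class=\"header\" width=\"50\"><b>".$lang["Size"]."<b></td><td class=\"header\"><b>".$lang["FileMTime"]."<b></td><td class=\"header\"><b>".$lang["Preview"]."<b></td></tr>";
	$total=0;
	if ($d) {
		while (false !== ($entry = $d->read())) {
			if ($entry!="." and $entry!=".." and preg_match("/\.[jpgifnsw]{3,4}$/is", $entry) and !is_dir(ROOT_PATH . "usr/templates/images/" . $entry) ) {
				$tpl_path = ROOT_PATH . "usr/templates/images/" . $entry;
				$tpl_bytes = filesize($tpl_path);
				$tpl_kb = round($tpl_bytes/1024, 1);
				$images.="<tr><td>".sapid_tpl_action_links($env["http_path"], $lang, "images/".$entry, "") . sapid_tpl_h($entry) . "</td><td>".($tpl_kb>=1?$tpl_kb."KB":$tpl_bytes."B")."</td><td>".date($lang["DateFormat"], filemtime($tpl_path))."</td><td>
				<a href=\"".$env["http_path"]."usr/templates/images/".rawurlencode($entry)."\" rel=\"lightbox\" >".$lang["Preview"]."</a></td></tr>\n";
				$total+=$tpl_bytes;
			}
		}
		$d->close();
	}
	$panel .=$images . '
	<tr><td colspan="4"><input type="file" name="image"/>&nbsp;<input type="submit" value="'.$lang["Upload new"].'" style="height: 22px;"></td></tr>
	<tr><td class="header"><b>'.$lang["Total"].'</b></td><td class="header" colspan="3"><b>'.round($total/1024, 1).' KB</b></td></tr>
	</table><br /></div>';


	// --- User files (usr/templates/files/) ---
	$d = @dir(ROOT_PATH . "usr/templates/files/");
	$files="<div style=\"margin-top: 3px;\" class=\"panel\"><div style=\"padding-left: 20px; padding-bottom: 10px;\">
			".$lang["UserFiles"]."
			</div><form method=\"post\" style=\"margin: 0px 0px 0px 0px;\"><table class=\"tpanel\" cellpadding=0 cellspacing=0><tr><td class=\"header\" width=\"60%\"><b>".$lang["File"]."</b></td><td class=\"header\" width=\"50\"><b>".$lang["Size"]."<b></td><td class=\"header\"><b>".$lang["FileMTime"]."<b></td></tr>";
	$total=0;
	if ($d) {
		while (false !== ($entry = $d->read())) {
			if ($entry!="." and $entry!=".." and !is_dir(ROOT_PATH . "usr/templates/files/" . $entry) ) {
				$tpl_path = ROOT_PATH . "usr/templates/files/" . $entry;
				$tpl_bytes = filesize($tpl_path);
				$tpl_kb = round($tpl_bytes/1024, 1);
				$files.="<tr><td>".sapid_tpl_action_links($env["http_path"], $lang, "files/".$entry, "") . sapid_tpl_h($entry) . "</td><td>".($tpl_kb>=1?$tpl_kb."KB":$tpl_bytes."B")."</td><td>".date($lang["DateFormat"], filemtime($tpl_path))."</td></tr>\n";
				$total+=$tpl_bytes;
			}
		}
		$d->close();
	}

	$panel .=$files . '
	<tr><td colspan="3"><input type="file" name="file"/>&nbsp;<input type="submit" value="'.$lang["Upload new"].'" style="height: 22px;"></td></tr>
	<tr><td class="header"><b>'.$lang["Total"].'</b></td><td class="header" colspan="2"><b>'.round($total/1024, 1).' KB</b></td></tr>
	</table><br /></div>';


	break;
	case "edit_template":
	if (!empty($_POST["html"]) and !empty($_POST["name"]) and $DEMO_MODE!="enabled") {

		//$_POST["html"]=preg_replace("/\[(\/)?textarea(.*?)\]/is", "<\\1textarea\\2>", $_POST["html"]);
		// The posted name is confined to usr/templates/ and must not carry a
		// script extension; anything else is ignored rather than written.
		$tpl_name = sapid_tpl_writable_name($_POST["name"]);
		if ($tpl_name !== "" && is_string($_POST["html"])) {
			$fp=fopen(ROOT_PATH . "usr/templates/" . $tpl_name, "w+");
			if ($fp) {
				fwrite($fp, (ini_get("magic_quotes_gpc")?stripslashes($_POST["html"]):$_POST["html"]));
				fclose($fp);
			}
		}
		$_GET["option"]="templates";
		option_switch();
		break;
	}


	// Only a plain file name inside usr/templates/ may be opened for editing.
	$template = isset($_GET["name"]) ? sapid_tpl_leaf($_GET["name"]) : "";
	$data = "";
	if ($template !== "" && is_file(ROOT_PATH . "usr/templates/" . $template)) {
		$data = file_get_contents(ROOT_PATH . "usr/templates/" . $template);
		if ($data === false) $data = "";
	}
	$size = strlen($data);
	include(ROOT_PATH."usr/system/edit_template.inc.php");
	// Neutralise textarea tags in the file so they cannot close the editor field.
	$data=preg_replace("/<(\/)?textarea(.*?)>/is", "&lt;\\1textarea\\2&gt;", $data);

	// The name is echoed into text and an attribute value, so it is escaped.
	$tpl_name_html = sapid_tpl_h($template);
	$panel = "<div class=\"panel\" style=\"margin-top: 3px; text-align: center;\"><b>".$lang["templateediting"].":</b> ".$tpl_name_html."<br /><br /><form method=\"post\"  onClick=\"id_form_focus='form_1'\" id=\"form_1\"><input type=\"hidden\" name=\"name\" value=\"".$tpl_name_html."\">".$panel."
	<textarea name=\"html\" id=\"html\" ONSELECT=\"storeCaret(html);\" ONCLICK=\"storeCaret(html);\" ONKEYUP=\"storeCaret(html);\" style=\"width: 100%; height: 395px; margin: 5px 15px 5px 5px; ".($SystemTextAreaStyle ? $SystemTextAreaStyle : "background-color: white; font-family: Courier new,Tahoma, Arial; font-size: 12px;")."\" cols=\"100\">".$data."</textarea>
	".$bottom_panel."<br /></form></div>";

	break;
	case "create_template":
	if (!empty($_POST["html"]) and !empty($_POST["name"]) and $DEMO_MODE!="enabled") {
		// Validate the final name, ".tpl" included, before creating the file.
		$tpl_name = is_string($_POST["name"]) ? sapid_tpl_writable_name($_POST["name"] . ".tpl") : "";
		if ($tpl_name !== "" && is_string($_POST["html"])) {
			$fp=fopen(ROOT_PATH . "usr/templates/" . $tpl_name, "w+");
			if ($fp) {
				fwrite($fp, (ini_get("magic_quotes_gpc")?stripslashes($_POST["html"]):$_POST["html"]));
				fclose($fp);
			}
		}
		$_GET["option"]="templates";
		option_switch();
		break;
	}
	include(ROOT_PATH."usr/system/edit_template.inc.php");
	// NOTE(review): this appends to $panel and also embeds it, unlike the
	// edit case which assigns; left as found - confirm it is intended.
	$panel .= "<div class=\"panel\" style=\"margin-top: 3px; text-align: center;\"><form style=\"margin: 0px 0px 0px 0px\" method=\"post\"  onClick=\"id_form_focus='form_1'\" id=\"form_1\"><b>".$lang["templatecreating"].":</b> <input type=\"text\" name=\"name\">.tpl<br />".$panel."
	<textarea name=\"html\" id=\"html\" ONSELECT=\"storeCaret(html);\" ONCLICK=\"storeCaret(html);\" ONKEYUP=\"storeCaret(html);\" style=\"width: 100%; height: 400px; margin: 5px 15px 5px 5px; ".($SystemTextAreaStyle ? $SystemTextAreaStyle : "background-color: white; font-family: Courier new,Tahoma, Arial; font-size: 12px;")."\" cols=\"100\"></textarea>".$bottom_panel."<br /></form></div>";


	break;
	case "delete_template":
	$_GET["name"] = (isset($_GET["name"]) && is_string($_GET["name"])) ? base64_decode($_GET["name"]) : "";
	if ($_GET["name"] and $DEMO_MODE!="enabled") {
		// The listings only produce "<file>", "images/<file>" and
		// "files/<file>"; accept exactly those shapes so the decoded value
		// cannot point outside usr/templates/.
		$tpl_target = str_replace("\\", "/", $_GET["name"]);
		$tpl_subdir = "";
		if (strpos($tpl_target, "images/") === 0) {
			$tpl_subdir = "images/";
			$tpl_target = substr($tpl_target, 7);
		} elseif (strpos($tpl_target, "files/") === 0) {
			$tpl_subdir = "files/";
			$tpl_target = substr($tpl_target, 6);
		}
		$tpl_leaf = (is_string($tpl_target) && strpos($tpl_target, "/") === false) ? sapid_tpl_leaf($tpl_target) : "";
		if ($tpl_leaf !== "") {
			@unlink(ROOT_PATH . "usr/templates/" . $tpl_subdir . $tpl_leaf);
		}
	}
	$_GET["option"]="templates";
	option_switch();
	break;

}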
?>